public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[v10.0.x] Auth: Update docs on use PKCE by default (#69269)

Browse Source 
Auth: Update docs on use PKCE by default (#68638)

* Auth: Update docs on use PKCE by default. (#68073)

Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>

* Fix: docs review - from introduces to provides https://github.com/grafana/grafana/pull/68638/files#r1200506006

Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>

* Fix docs - Remove note about a version https://github.com/grafana/grafana/pull/68638/files#r1200508038

Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>

* Update docs/sources/setup-grafana/configure-security/configure-authentication/azuread/index.md

---------

Signed-off-by: junya koyama <arukiidou@yahoo.co.jp>
Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com>
(cherry picked from commit 345b7fadc9)

Co-authored-by: arukiidou <arukiidou@yahoo.co.jp>
This commit is contained in:
Grot (@grafanabot)
2023-05-30 17:49:49 +01:00
committed by GitHub
parent 2b95f85f29
commit ae50b74046
5 changed files with 87 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/sources/setup-grafana/configure-security/configure-authentication/google/index.md
+10
View File
@@ -41,6 +41,7 @@ auth_url = https://accounts.google.com/o/oauth2/auth
token_url = https://accounts.google.com/o/oauth2/token
allowed_domains = mycompany.com mycompany.org
hosted_domain = mycompany.com
use_pkce = true
```
You may have to set the `root_url` option of `[server]` for the callback URL to be
@@ -58,6 +59,15 @@ automatically signed up.
You may specify a domain to be passed as `hd` query parameter accepted by Google's
OAuth 2.0 authentication API. Refer to Google's OAuth [documentation](https://developers.google.com/identity/openid-connect/openid-connect#hd-param).
### PKCE
IETF's [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636)
introduces "proof key for code exchange" (PKCE) which provides
additional protection against some forms of authorization code
interception attacks. PKCE will be required in [OAuth 2.1](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-03).
> You can disable PKCE in Grafana by setting `use_pkce` to `false` in the`[auth.google]` section.
### Configure refresh token
> Available in Grafana v9.3 and later versions.